Why I cant access a kubernetes pod from other Nodes IP?

问题

I've installed kubernetes cluster with help of Kubespray. Cluster having 3 Nodes (2 Master & 1 Worker). node1 - 10.1.10.110, node2 - 10.1.10.111, node3 - 10.1.10.112

$ kubectl get nodes
NAME    STATUS   ROLES    AGE   VERSION
node1   Ready    master   12d   v1.18.5
node2   Ready    master   12d   v1.18.5
node3   Ready    <none>   12d   v1.18.5

I deployed this pod in node1 (10.1.10.110) and exposed nodeport service as shown.

NAMESPACE     NAME                                              READY   STATUS    RESTARTS   AGE     IP             NODE    NOMINATED NODE   READINESS GATES

default       pod/httpd-deployment-598596ddfc-n56jq             1/1     Running   0          7d21h   10.233.64.15   node1   <none>           <none>
---
NAMESPACE     NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE     SELECTOR

default       service/httpd-service               NodePort    10.233.16.84    <none>        80:31520/TCP             12d     app=httpd

Service description

$ kubectl describe services -n default httpd-service
Name:                     httpd-service
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 app=httpd
Type:                     NodePort
IP:                       10.233.16.84
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31520/TCP
Endpoints:                10.233.64.15:80
Session Affinity:         None
External Traffic Policy:  Cluster

Question: I can able to access the service from node1:31520 (where the pod actually deployed) but can't able to access the same service from other nodes (node2:31520 (or) node3:31520)

$curl http://10.1.10.110:31520
<html><body><h1>It Works!</h1></body></html>

but if I curl with other node IP, timed out response

$curl http://10.1.10.111:31520
curl (7): Failed connect to 10.1.10.111; Connection timed out

$curl http://10.1.10.112:31520
curl (7): Failed connect to 10.1.10.112; Connection timed out

Can anyone suggest what I am missing ?

回答1:

Because you have only one pod on 10.1.10.110

Your curl is wrong, you didn't deploy a pod on 111 and 112 nodes, this is the reason that the endpoints aren't working. Just execute curl http://10.1.10.110:31520 on the other nodes and it will work

回答2:

Ideally you should be able to access a pod via NodePort using any of the nodes IP. If kube-proxy or CNI Plugin(calico etc) are not working properly in your cluster then it can cause the problem where pod is not reachable via a Nodes IP on which the Pod is not scheduled.

Check this related question kubernetes: cannot access NodePort from other machines

来源：https://stackoverflow.com/questions/62898469/why-i-cant-access-a-kubernetes-pod-from-other-nodes-ip